Configure Okta Device Trust for managed devices with Mobile Device Manager Plus
Okta Device Trust is Okta's conditional access policy, which evaluates whether a user seeking access to the Okta portal is authorized to access it.
Using Okta Device Trust with Mobile Device Manager Plus, you can ensure that only managed devices get access to your organization's work apps and other resources. Raise your workspace standards by enforcing a passwordless authentication policy for your users while enhancing corporate device security in a hybrid work environment.
Prerequisites:
- The device should be enrolled in MDM. Learn more about the different enrollment methods available in Mobile Device Manager Plus.
- The devices should have Okta Device attestation. This can be achieved through App Configurations for Android and iOS, and through a SCEP profile for macOS and Windows.
Steps
Follow the steps below to provision Okta Device Trust with Mobile Device Manager Plus:
Adding CA Policy
- Log in to the Okta portal and, under Security, go to Authentication Policies and click Add Policy.
- Provide a name for the policy and click Save to proceed.
- Next, click Add Rule and give the rule a name. Then configure the rule as per your organization's policies. To learn more about the authentication policy rules, click here.
- Ensure that the Device state is set to Registered and, correspondingly, that the Device Management state is set to Managed in the rule. Then click Save.
Note:
Confirm that the devices have Okta Device attestation before configuring the above rule.
Disabling Catch All Rule
The Catch All Rule is the last set of conditions that Okta checks before allowing or denying access to a device. This rule should be disabled so that a device cannot gain access merely by complying with one of the preconfigured conditions under the Catch All Rule.
- Scroll down and click on Actions and choose Edit.
- Then, under the THEN conditions, select Denied and click Save.
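The effect of the Registered/Managed rule and of the Catch All Rule setting can be checked against an exported policy. The following is an added example, not part of the original guide or of Okta's or ManageEngine's tooling: it evaluates a constructed rule list in priority order and reports any unmanaged device state that would still be allowed. The field names are modeled on the rule objects of Okta's Policies API and are assumptions to verify against your own tenant's export.

```python
# Constructed sample: the rules of one authentication policy, shaped like an
# export from Okta's Policies API (field names are assumptions, see above).
SAMPLE_RULES = [
    {"name": "Managed devices only", "priority": 0, "status": "ACTIVE",
     "conditions": {"device": {"registered": True, "managed": True}},
     "actions": {"appSignOn": {"access": "ALLOW"}}},
    {"name": "Catch-all Rule", "priority": 99, "status": "ACTIVE",
     "conditions": {},  # no device condition: matches every device
     "actions": {"appSignOn": {"access": "ALLOW"}}},  # not yet set to Denied
]


def rule_matches(rule, registered, managed):
    """True if the rule's device condition (if any) fits this device state."""
    cond = (rule.get("conditions") or {}).get("device") or {}
    for key, actual in (("registered", registered), ("managed", managed)):
        if key in cond and cond[key] != actual:
            return False
    return True


def evaluate(rules, registered, managed):
    """Return (rule name, access) of the first active matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule.get("status") == "ACTIVE" and rule_matches(rule, registered, managed):
            return rule["name"], rule["actions"]["appSignOn"]["access"]
    return None, "DENY"  # nothing matched: treat as denied


def audit(rules):
    """Report device states that get access without being registered and managed."""
    findings = []
    for registered, managed in [(False, False), (True, False)]:
        name, access = evaluate(rules, registered, managed)
        if access == "ALLOW":
            findings.append(
                f"registered={registered} managed={managed} allowed by '{name}'")
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_RULES)
    for line in results or ["OK: only registered, managed devices are allowed"]:
        print(line)
```

With the sample as given, both unmanaged states fall through to the Catch All Rule and are allowed; once that rule's access is Denied, the audit returns no findings.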
Adding Apps
Next, add the apps that should be provisioned with Device Trust. To do so, go to Applications and click Add app. Then search for and add the apps.
With this, you can provision Okta Device Trust to the devices in your organization using Mobile Device Manager Plus.